public void SessionSetupRequest()
{
uint status = 0;
SESSION_SETUP_Response?sessionSetupResponse = null;
status = testClient.SessionSetup(
testConfig.DefaultSecurityPackage,
testConfig.SutComputerName,
testConfig.AccountCredential,
testConfig.UseServerGssToken,
checker: (header, response) =>
{
sessionSetupResponse = response;
});
SessionEncryptDataType sessionEncryptDataType = sessionSetupResponse.Value.SessionFlags.HasFlag(SessionFlags_Values.SESSION_FLAG_ENCRYPT_DATA) ? SessionEncryptDataType.SessionEncryptDataSet : SessionEncryptDataType.SessionEncryptDataNotSet;
SessionSetupResponse((ModelSmb2Status)status, sessionEncryptDataType, encryptionConfig);
}
public static void SessionSetupResponse(ModelSmb2Status status, SessionEncryptDataType sessionEncryptDataType, EncryptionConfig c)
{
Condition.IsTrue(state == ModelState.Connected);
Condition.IsTrue(config.IsGlobalEncryptDataEnabled == c.IsGlobalEncryptDataEnabled);
Condition.IsTrue(config.IsGlobalRejectUnencryptedAccessEnabled == c.IsGlobalRejectUnencryptedAccessEnabled);
if (ModelUtility.IsSmb3xFamily(config.MaxSmbVersionSupported) &&
!Smb2Utility.IsSmb3xFamily(negotiateDialect) &&
config.IsGlobalEncryptDataEnabled &&
config.IsGlobalRejectUnencryptedAccessEnabled)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.5: 1. If the server implements the SMB 3.x dialect family, " +
"Connection.Dialect does not belong to the SMB 3.x dialect family, EncryptData is TRUE, " +
"and RejectUnencryptedAccess is TRUE, the server MUST fail the request with STATUS_ACCESS_DENIED.");
ModelHelper.Log(LogType.TestInfo,
"The server implements {0}, Connection.Dialect is {1}, EncryptData is TRUE and RejectUnencryptedAccess is TRUE",
config.MaxSmbVersionSupported, negotiateDialect);
ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);
Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
return;
}
if (Smb2Utility.IsSmb3xFamily(negotiateDialect) &&
config.IsGlobalEncryptDataEnabled &&
config.IsGlobalRejectUnencryptedAccessEnabled &&
!Connection_ClientCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.5: 2. If Connection.Dialect belongs to the SMB 3.x dialect family, " +
"EncryptData is TRUE, RejectUnencryptedAccess is TRUE, " +
"and Connection.ClientCapabilities does not include the SMB2_GLOBAL_CAP_ENCRYPTION bit, " +
"the server MUST fail the request with STATUS_ACCESS_DENIED.");
ModelHelper.Log(LogType.TestInfo,
"Connection.Dialect is {0}, EncryptData is TRUE, RejectUnencryptedAccess is TRUE, " +
"and Connection.ClientCapabilities does not include the SMB2_GLOBAL_CAP_ENCRYPTION bit.", negotiateDialect);
ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);
Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
return;
}
if (Smb2Utility.IsSmb3xFamily(negotiateDialect) &&
config.IsGlobalEncryptDataEnabled &&
(Connection_ServerCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION ||
config.IsGlobalRejectUnencryptedAccessEnabled))
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.5.3: 10. If global EncryptData is TRUE, the server MUST do the following: " +
"If Connection.ServerCapabilities includes SMB2_GLOBAL_CAP_ENCRYPTION or RejectUnencryptedAccess is TRUE,");
Condition.IsTrue(sessionEncryptDataType == SessionEncryptDataType.SessionEncryptDataSet);
Session_EncryptData = SessionEncryptDataType.SessionEncryptDataSet;
}
Condition.IsTrue(status == Smb2Status.STATUS_SUCCESS);
Session_IsExisted = true;
}
public static void SessionSetupResponse(ModelSmb2Status status, SessionEncryptDataType sessionEncryptDataType, EncryptionConfig c)
{
Condition.IsTrue(state == ModelState.Connected);
Condition.IsTrue(config.IsGlobalEncryptDataEnabled == c.IsGlobalEncryptDataEnabled);
Condition.IsTrue(config.IsGlobalRejectUnencryptedAccessEnabled == c.IsGlobalRejectUnencryptedAccessEnabled);
if (ModelUtility.IsSmb3xFamily(config.MaxSmbVersionSupported)
&& !Smb2Utility.IsSmb3xFamily(negotiateDialect)
&& config.IsGlobalEncryptDataEnabled
&& config.IsGlobalRejectUnencryptedAccessEnabled)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.5: 1. If the server implements the SMB 3.x dialect family, " +
"Connection.Dialect does not belong to the SMB 3.x dialect family, EncryptData is TRUE, " +
"and RejectUnencryptedAccess is TRUE, the server MUST fail the request with STATUS_ACCESS_DENIED.");
ModelHelper.Log(LogType.TestInfo,
"The server implements {0}, Connection.Dialect is {1}, EncryptData is TRUE and RejectUnencryptedAccess is TRUE",
config.MaxSmbVersionSupported, negotiateDialect);
ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);
Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
return;
}
if (Smb2Utility.IsSmb3xFamily(negotiateDialect)
&& config.IsGlobalEncryptDataEnabled
&& config.IsGlobalRejectUnencryptedAccessEnabled
&& !Connection_ClientCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.5: 2. If Connection.Dialect belongs to the SMB 3.x dialect family, " +
"EncryptData is TRUE, RejectUnencryptedAccess is TRUE, " +
"and Connection.ClientCapabilities does not include the SMB2_GLOBAL_CAP_ENCRYPTION bit, " +
"the server MUST fail the request with STATUS_ACCESS_DENIED.");
ModelHelper.Log(LogType.TestInfo,
"Connection.Dialect is {0}, EncryptData is TRUE, RejectUnencryptedAccess is TRUE, " +
"and Connection.ClientCapabilities does not include the SMB2_GLOBAL_CAP_ENCRYPTION bit.", negotiateDialect);
ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);
Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
return;
}
if (Smb2Utility.IsSmb3xFamily(negotiateDialect)
&& config.IsGlobalEncryptDataEnabled
&& Connection_ClientCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.5.3: 10. If Connection.Dialect belongs to the SMB 3.x dialect family, global EncryptData is TRUE, " +
"and Connection.ClientCapabilities includes the SMB2_GLOBAL_CAP_ENCRYPTION bit, the server MUST do the following:");
ModelHelper.Log(LogType.TestInfo, "Connection.Dialect is {0}, global EncryptData is TRUE, " +
"and Connection.ClientCapabilities includes the SMB2_GLOBAL_CAP_ENCRYPTION bit", negotiateDialect);
ModelHelper.Log(LogType.Requirement,
"\tSet the SMB2_SESSION_FLAG_ENCRYPT_DATA flag in the SessionFlags field of the SMB2 SESSION_SETUP Response.");
ModelHelper.Log(LogType.TestInfo, "SMB2_SESSION_FLAG_ENCRYPT_DATA flag is set in SESSION_SETUP Response.");
Condition.IsTrue(sessionEncryptDataType == SessionEncryptDataType.SessionEncryptDataSet);
Session_EncryptData = SessionEncryptDataType.SessionEncryptDataSet;
}
Condition.IsTrue(status == Smb2Status.STATUS_SUCCESS);
}
